authorMichal Klocek <michal.klocek@qt.io>2018-06-05 12:46:38 +0200
committerMichal Klocek <michal.klocek@qt.io>2018-06-05 14:13:28 +0000
commit606fc8cdf8a57451a3979bacd6fbfeb6ca21837f (patch)
tree62011e12bde29d56398e31dc3b60ece58de06d47
parentc1daae1d02178800e8095d99fc30bfcb7f720927 (diff)
[Backport] CVE-2018-6130
Reland "Check that iterator is valid before dereferencing in RtpFrameReferenceFinder." This reverts commit 1998d56bf17b598fba506cd602a6b0dcc1f663a5. Reason for revert: Creating fix for previously broken CL. Bug: chromium:838402 Reviewed-on: https://webrtc-review.googlesource.com/76480 Change-Id: I682b3c30dc45c3bbec3b58bb419c46ac79fa71ce Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r--chromium/third_party/webrtc/modules/video_coding/rtp_frame_reference_finder.cc8
1 files changed, 6 insertions, 2 deletions
diff --git a/chromium/third_party/webrtc/modules/video_coding/rtp_frame_reference_finder.cc b/chromium/third_party/webrtc/modules/video_coding/rtp_frame_reference_finder.cc
index dce35549d61..b2511351f5f 100644
--- a/chromium/third_party/webrtc/modules/video_coding/rtp_frame_reference_finder.cc
+++ b/chromium/third_party/webrtc/modules/video_coding/rtp_frame_reference_finder.cc
@@ -461,8 +461,12 @@ RtpFrameReferenceFinder::FrameDecision RtpFrameReferenceFinder::ManageFrameVp9(
RTC_LOG(LS_WARNING) << "Received keyframe without scalability structure";
frame->num_references = 0;
- GofInfo info = gof_info_.find(codec_header.tl0_pic_idx)->second;
- FrameReceivedVp9(frame->picture_id, &info);
+ auto gof_info_it = gof_info_.find(codec_header.tl0_pic_idx);
+ if (gof_info_it == gof_info_.end())
+ return kDrop;
+
+ FrameReceivedVp9(frame->picture_id, &gof_info_it->second);
+
UnwrapPictureIds(frame);
return kHandOff;
}
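Review bot: The new call `FrameReceivedVp9(frame->picture_id, &gof_info_it->second);` passes a pointer to the element stored in `gof_info_`, whereas the removed code passed the address of a local copy (`GofInfo info = ...`). If FrameReceivedVp9 writes through that pointer, those writes now persist in the map; this goes beyond the end() check and the commit message does not mention it, so it is worth confirming that it is intended. The early `return kDrop;` is also silent, and `codec_header.tl0_pic_idx` appears to come from the received stream, so a one-line comment above the check would help, for example `// tl0_pic_idx is taken from the incoming frame; no stored GOF info for it means the frame cannot be referenced, so drop it instead of dereferencing end().` A rate-limited warning on that path would also make malformed streams visible in logs. ManageFrameVp9 starts outside this hunk, so the surrounding branch conditions cannot be checked from here.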